XBox Live problem - 2wire NAT is not open

XBox Live problem - 2wire NAT is not open

I just got Uverse yesterday. I discovered that my NAT is moderate, which prevents me from joining my friends in games. I tried forwarding all the ports that microsoft reccomends... hasn't worked. Any input?

Re: XBox Live problem - 2wire NAT is not open

[ Edited ]

gregzoll_1 wrote:I wouldn't, because first it is not Microsoft's recommendation, and two it is Microsoft. Nothing really more to say, than itheir products are no more secure than leaving food out on the table, when you are in an area that is known for bear attacks. Pretty much the same concept, called common sense.

Unbelievable. Greg, please stop spreading misinformation based upon any prejudice you may have against Microsoft. This is indeed Microsoft's recommendation:

Re: XBox Live problem - 2wire NAT is not open

gregzoll_1 wrote:I wouldn't, because first it is not Microsoft's recommendation, and two it is Microsoft. Nothing really more to say, than itheir products are no more secure than leaving food out on the table, when you are in an area that is known for bear attacks. Pretty much the same concept, called common sense.

I think the one thing we know for sure is that in gregzoll's mind his opinion is law

Re: XBox Live problem - 2wire NAT is not open

And like Microsoft, it leaves you open for trouble. Again, if you hook the system up as is, to you router, it will work *gasp* out of the box, with no having to open any ports.

The whole reason Microsoft posted that info, was the problems with the original Xbox platform, and original Xbox-360 1st gen. The problems have been resolved with port issues, with later firmware updates and the later platforms for the Xbox-360.

________________________________________________________________

"Ren: Now listen, Cadet. I've got a job for you. See this button? Don't touch it! It's the History Eraser button, you fool!

Re: XBox Live problem - 2wire NAT is not open

nephipower wrote:

gregzoll_1 wrote:I wouldn't, because first it is not Microsoft's recommendation, and two it is Microsoft. Nothing really more to say, than itheir products are no more secure than leaving food out on the table, when you are in an area that is known for bear attacks. Pretty much the same concept, called common sense.

I think the one thing we know for sure is that in gregzoll's mind his opinion is law

No, it is that I know what the Frick I am talking about, when it comes to hooking up these game platforms to routers, and the security risks involved with opening ports out of Stealth to the Internet for all to see possible ways into your LAN.

________________________________________________________________

"Ren: Now listen, Cadet. I've got a job for you. See this button? Don't touch it! It's the History Eraser button, you fool!

Re: XBox Live problem - 2wire NAT is not open

Gregzoll_1,

After reading your responses to this thread, I'm now of the opinion that not all A.C.E. recipients are created equal. I find the other award recipients very helpful to this community, but you've now made my "ignore list." (It's a bit inaccurate to call it a "list" since there's only one name on it.)

The original poster seems to have disappeared from this sorry thread. I assume he's gotten his Xbox issues worked out. And I'm finished trying to correct misinformation.

Re: XBox Live problem - 2wire NAT is not open

This thread is taking a different direction from the original topic. Please avoid any personal attacks or criticism.

While we encourage debates and discussions, we would like it to be carried out in a climate of mutual respect.

Let's remember to stay on topic.

Thanks,

Phil-101Community Moderator

Phil-101 • Community ModeratorRemember to always mark posts that resolved your issue with Accept as Solution.You can even mark multiple posts in a single thread. This will help other users find this information too!

Re: XBox Live problem - 2wire NAT is not open

[ Edited ]

OK, I don't have an XBox 360, so I can't test this, but I did a lot of research tonight on this issue because this has been an ongoing question/problem that has been posted several times on the forum. Here are a few facts and my recommendation:

The reason that the XBox 360 is very particular about the NAT on the user's router is due to the way the XBox 360 connects to other users to play a game. While the XBox Live servers are used to register and coordinate game play, the actual internet communication between XBox 360 consoles is peer-to-peer for several of the communication streams.

Even though a lot of XBox 360 communication is initiated from inside the firewall (i.e. the connection is outbound, and therefore the port opens automatically), this is sometimes not enough for proper game play, because multiple other XBox 360's have to send packets back to yours on that open port. Many routers will not allow a packet from just anyone on the Internet to come back in on that open port. Many routers will specifically only allow packets coming back in from the same source port as the initial outbound packet was directed to (if your router restricts inbound packets like this, then the NAT type is labeled "moderate"). Some routers go further and will only allow packets coming back in from the same source port AND the same source IP address as the initial outbound packet was directed to (if your router restricts inbound packets like this, then the NAT type is labeled "strict"). If your router is not restricting inbound packets by source port or IP address, then the NAT type is labeled "open".

The XBox 360 is smart enough to compensate for moderate and strict NAT types if the majority of the other people who have joined the game are open NAT types. Where problems occur is when multiple people in the game have moderate or strict NAT, then the gameplay won't work properly. Thus, the preferred setup is to have an open NAT type, because this makes it such that your XBox 360 can join and stay connected to any game on the Internet, regardless of other people's NAT types.

For routers that support Universal Plug and Play (UPnP), the XBox 360 can direct the router to open ports such that the NAT type will be open. However, as has been mentioned before:

UPnP is a security nightmare, because there is no authentication, authorization, or logging for UPnP requests to the router.

The 2Wire routers that AT&T uses do not support UPnP anyway.

Microsoft has some documentation in several places for how to open ports on your router if your router does not support UPnP. Unfortunately, these directions are incorrect, and open far more ports than are necessary for proper operation.

Here is the proper method to open ports on the 2Wire routers for the XBox 360. This should give you an open NAT.

Open a web browser, browse to the URL of your U-Verse® Residential Gateway (usually http://192.168.1.254).

Click the Settings tab at the top.

Click the Firewall label in the second row of tabs.

Click the Applications, Pinholes, and DMZ label in the third row of tabs.

Click on your XBox 360 under section (1). You will probably have to identify it by its IP address.

Click the Allow Individual Applications button under section (2).

Click Add a New User-Defined Application.

Type "XBox 360 Live" in the Application Profile Name field.

Select TCP for the protocol.

Type 3074 in the Port From and Port To fields.

Leave the Protocol Timeout field blank.

Leave the Map to Host Port field blank.

Do not select anything in the Application Type pull-down.

Click the Add to List button.

Select UDP for the protocol.

Type 3074 in the Port From and Port To fields.

Leave the Protocol Timeout field blank.

Leave the Map to Host Port field blank.

Do not select anything in the Application Type pull-down.

Click the Add to List button.

Select UDP for the protocol.

Type 88 in the Port From and Port To fields.

Leave the Protocol Timeout field blank.

Leave the Map to Host Port field blank.

Do not select anything in the Application Type pull-down.

Click the Add to List button.

Click the Back button.

Reselect your XBox 360 under section (1). You will probably have to identify it by its IP address.

Click the Allow Individual Applications button under section (2).

Click "XBox 360 Live" in the Application list.

Click the Add button. XBox 360 Live will now be listed in the Hosted Applications list.

Click the Save button at the bottom.

Now reboot your XBox 360, you should have an open NAT type.

This procedure opens only the necessary ports on your router (3074 TCP/UDP, and 88 UDP), and directs them to the XBox 360 only, not to the whole network. Thus, the security implications are minimal.

Hopefully, this procedure should work for you. Please post your results so that we know if this is solved or not.

Here are two of the references where this information is further discussed:

Re: XBox Live problem - 2wire NAT is not open

SomeJoe,

Thanks for your thorough analysis. For someone who doesn't even have an Xbox, you obviously put a lot of time into researching it. I don't know as much about networking as you do, but I did find this article about Port 53 and why at least that author recommends opening it to deal with future IPv6 DNS replies, among other things. I don't think IPv6 support has been implemented in the U-verse RGs yet, so AT&T may address the issue discussed in the article in any firmware update that implements it. Additionally, I'm not saying this is why Microsoft recommends opening Port 53; I don't know why they do.

But I completely agree that you should only open those ports that are necessary to get the Xbox working properly. I'm not aware of any reported instances of an Xbox-connected system ever being compromised with the ports open in the manner recommended by Microsoft, but if not opening Port 53 works, then so much the better.

Re: XBox Live problem - 2wire NAT is not open

Hi Ponzi,

Yes, the article is correct about allowing port 53, both TCP and UDP, for proper DNS operation with DNSSEC and IPv6. However, this only applies to DNS servers which are behind a firewall, not DNS clients.

The XBox's use of port 53 (just like any other computer on your home network) is limited to DNS client functionality only. In other words, the XBox asks a DNS server out on the Internet to resolve a host name. This is an outbound connection, and the port will be opened automatically on any NAT router for both TCP and UDP connections, as well as IPv6 connections when that gets implemented.

No requests will be incoming to the XBox on port 53, so we do not need to manually open the port.

Re: XBox Live problem - 2wire NAT is not open

That article is not written by Microsoft. It was written by someone who has been in the industry for around 14 years, stating their opinion. No where in it, does it imply anything regarding Microsoft suggesting the opening of Port 53.

Ponzi, you may want to actually read the article, along with the other links the party that wrote the article you linked, to get a better understanding what they are talking about, and why they are suggesting this work around for IPv6.

________________________________________________________________

"Ren: Now listen, Cadet. I've got a job for you. See this button? Don't touch it! It's the History Eraser button, you fool!

Re: XBox Live problem - 2wire NAT is not open

SomeJoe7777 wrote:

Hi Ponzi,

Yes, the article is correct about allowing port 53, both TCP and UDP, for proper DNS operation with DNSSEC and IPv6. However, this only applies to DNS servers which are behind a firewall, not DNS clients.

Re: XBox Live problem - 2wire NAT is not open

I am guessing that Greg does not run multiple gaming consoles at the same time nor does his son actually try to join someones game. I am having the issue of haveing one open NAT and one strict NAT. I can open the ports but it seems to only allow me to assign it to one of the xboxes and not both as if I try to assign the setting s to both I get an error stating those settings are already assigned.

Sooooo doeas anyone know how to get an open NAT for 2 xboxes at the same time?

Re: XBox Live problem - 2wire NAT is not open

A port can only be assigned to one internal address at a time. Think about what this does techincally, and you'll understand why: An unsolicited connection arrives at the RG. It has the RG's public address and a port number. The RG has to decide where to send it. It has no other information than the port, so the port has to tell it where to send the packet.

The only way around this would be to purchase a package of static addresses. Then you could assign a static address to each XBOX.

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: XBox Live problem - 2wire NAT is not open

Both xboxes have a static IP address. It does not matter. So far u-verse gateway is a piece of crap!!!!I guess this easily solves the problem of going back to comcast. At least their routers actually do support what they advertise. Multi gaming households. I was hoping since AT&T is taking over everywhere they would actually get with the times but no yet again they are still very lacking.